[conspire] (forw) Re: [Felton LUG] Re: Oh boy, this doesn't look good...
Rick Moen
rick at linuxmafia.com
Thu Jul 30 11:17:40 PDT 2020
----- Forwarded message from Rick Moen <rick at linuxmafia.com> -----
Date: Thu, 30 Jul 2020 11:16:17 -0700
From: Rick Moen <rick at linuxmafia.com>
To: Felton LUG <felton-lug at googlegroups.com>
Subject: Re: [Felton LUG] Re: Oh boy, this doesn't look good...
Organization: If you lived here, you'd be $HOME already.
Quoting B Reiss (bwr64x at gmail.com):
> Last time I did a full install of Ubunut-Mate, I used secure boot. It just
> kept causing issues.
I wouldn't use it on a bet, myself.
That's one of the reasons I referred to the article as clickbait: It's
likely that only Matthew Garrett and around 5-10 other Linux users ever
bother with UEFI Secure Boot at all.[1] (That's aside from considering
'root can do root things' making very odd sort of alleged 'security
vulnerability'.)
That doesn't prevent a cryptographically checked bootchain from being a
reasonable and valid concept per se, irrespective of how badly
implemented by MSFT and the motherboard firmware companies, in this case.
> So eventually I wiped and reinstalled with secure boot disabled. I came to
> view secure boot as a windows security feature that just doesn't work well
> for anything other than windows (assuming it actually works well with
> windows, the place I work has had endless issues because they write drivers
> for their hardware, and have to keep getting them signed by microsoft,
> apparently not a well documented process)
ISTR that that level of hassle doesn't exist when booting Linux from
UEFI Secure Boot.
BTW, should we now refer to you as Ubunut, mate? ;->
[1] Well, aside from computers where Secure Boot cannot be disabled in
the firmware, of which there may be some, and people who for bizarre
reasons insist on dual-booting and need/want Secure Boot for MS-Windows.
----- End forwarded message -----
More information about the conspire
mailing list